From 6f15b26829c3319d408374754b2da524d0cbe223 Mon Sep 17 00:00:00 2001
From: "Lixia (Sylvia) Lei"
Date: Wed, 10 May 2023 16:32:37 +0800
Subject: [PATCH 1/3] fix: handle docker.io
Signed-off-by: Lixia (Sylvia) Lei
---
 registry/remote/auth/client.go | 6 ++
 registry/remote/auth/client_test.go | 93 ++++++++++++++++++++++-------
 2 files changed, 78 insertions(+), 21 deletions(-)
diff --git a/registry/remote/auth/client.go b/registry/remote/auth/client.go
index 879b5c04..fb8b4b11 100644
--- a/registry/remote/auth/client.go
+++ b/registry/remote/auth/client.go
@@ -57,6 +57,12 @@ var defaultClientID = "oras-go"
 // StaticCredential specifies static credentials for the given host.
 func StaticCredential(registry string, cred Credential) func(context.Context, string) (Credential, error) {
 return func(_ context.Context, target string) (Credential, error) {
+ if registry == "docker.io" {
+ // it is expected that traffic targeting "docker.io" will be redirected
+ // to "registry-1.docker.io"
+ // reference: https://github.com/moby/moby/blob/v24.0.0-beta.2/registry/config.go#L25-L48
+ registry = "registry-1.docker.io"
+ }
 if target == registry {
 return cred, nil
 }
diff --git a/registry/remote/auth/client_test.go b/registry/remote/auth/client_test.go
index f5688dd1..4fbe30e2 100644
--- a/registry/remote/auth/client_test.go
+++ b/registry/remote/auth/client_test.go
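Review bot: The doc comment above `StaticCredential` still says the credential is for "the given host", but with the added branch a credential registered for `docker.io` is returned for target `registry-1.docker.io` and, because `registry` is overwritten before the comparison, no longer for target `docker.io` itself. This decides which host name receives the username and password, so the comment should state it, for example `// If registry is "docker.io", cred is returned for the target "registry-1.docker.io" instead.` The hunk in PATCH 2/3 leaves the same comment unchanged. The closure's final return lies outside this hunk.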
@@ -1990,6 +1990,78 @@ func TestClient_Do_Scheme_Change(t *testing.T) {
 }
 }
 
+func TestStaticCredential(t *testing.T) {
+ tests := []struct {
+ name string
+ registry string
+ target string
+ cred Credential
+ want Credential
+ }{
+ {
+ name: "Matched credential for regular registry",
+ registry: "registry.example.com",
+ target: "registry.example.com",
+ cred: Credential{
+ Username: "username",
+ Password: "password",
+ },
+ want: Credential{
+ Username: "username",
+ Password: "password",
+ },
+ },
+ {
+ name: "Matched credential for docker.io",
+ registry: "docker.io",
+ target: "registry-1.docker.io",
+ cred: Credential{
+ Username: "username",
+ Password: "password",
+ },
+ want: Credential{
+ Username: "username",
+ Password: "password",
+ },
+ },
+ {
+ name: "Mismatch credential for regular registry",
+ registry: "registry.example.com",
+ target: "whatever.example.com",
+ cred: Credential{
+ Username: "username",
+ Password: "password",
+ },
+ want: EmptyCredential,
+ },
+ {
+ name: "Mismatch credential for docker.io",
+ registry: "docker.io",
+ target: "whatever.docker.io",
+ cred: Credential{
+ Username: "username",
+ Password: "password",
+ },
+ want: EmptyCredential,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ client := &Client{
+ Credential: StaticCredential(tt.registry, tt.cred),
+ }
+ ctx := context.Background()
+ got, err := client.Credential(ctx, tt.target)
+ if err != nil {
+ t.Fatal("Client.Credential() error =", err)
+ }
+ if !reflect.DeepEqual(got, tt.want) {
+ t.Errorf("Client.Credential() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
+
 func TestClient_StaticCredential_basicAuth(t *testing.T) {
 testUsername := "username"
 testPassword := "password"
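Review bot: The table in `TestStaticCredential` has no row for `registry: "docker.io"` with `target: "docker.io"`, the one input whose result this series changes. After the rewrite it appears to fall through to `EmptyCredential`, where the old exact match returned the credential. A row for it would pin that outcome, so a later edit to the alias cannot silently start or stop releasing the credential for that name. The expected value below is what the new code appears to return; confirm that it is the intended contract.

```go
// … unchanged: the four existing table rows …
		{
			name:     "docker.io target is not matched after aliasing",
			registry: "docker.io",
			target:   "docker.io",
			cred: Credential{
				Username: "username",
				Password: "password",
			},
			want: EmptyCredential,
		},
```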
@@ -2216,24 +2288,3 @@ func TestClient_StaticCredential_withRefreshToken(t *testing.T) {
 t.Errorf("incorrect error: %v, expected %v", err, expectedError)
 }
 }
-
-func TestClient_StaticCredential_registryMismatch(t *testing.T) {
- testUsername := "username"
- testPassword := "password"
- targetAddress := "target/address"
-
- client := &Client{
- Credential: StaticCredential(targetAddress, Credential{
- Username: testUsername,
- Password: testPassword,
- }),
- }
-
- cred, err := client.Credential(context.Background(), "registry/mismatched")
- if cred != EmptyCredential {
- t.Errorf("Credential() = %v, want = %v", cred, EmptyCredential)
- }
- if err != nil {
- t.Errorf("got error = %v, expected error = %v", err, nil)
- }
-}
From 6fd8a81d178c6d3d8438c1edf4537b7479f03fb1 Mon Sep 17 00:00:00 2001
From: "Lixia (Sylvia) Lei"
Date: Wed, 10 May 2023 16:36:58 +0800
Subject: [PATCH 2/3] fix
Signed-off-by: Lixia (Sylvia) Lei
---
 registry/remote/auth/client.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/registry/remote/auth/client.go b/registry/remote/auth/client.go
index fb8b4b11..37eb65ed 100644
--- a/registry/remote/auth/client.go
+++ b/registry/remote/auth/client.go
@@ -56,13 +56,13 @@ var defaultClientID = "oras-go"
 
 // StaticCredential specifies static credentials for the given host.
 func StaticCredential(registry string, cred Credential) func(context.Context, string) (Credential, error) {
+ if registry == "docker.io" {
+ // it is expected that traffic targeting "docker.io" will be redirected
+ // to "registry-1.docker.io"
+ // reference: https://github.com/moby/moby/blob/v24.0.0-beta.2/registry/config.go#L25-L48
+ registry = "registry-1.docker.io"
+ }
 return func(_ context.Context, target string) (Credential, error) {
- if registry == "docker.io" {
- // it is expected that traffic targeting "docker.io" will be redirected
- // to "registry-1.docker.io"
- // reference: https://github.com/moby/moby/blob/v24.0.0-beta.2/registry/config.go#L25-L48
- registry = "registry-1.docker.io"
- }
 if target == registry {
 return cred, nil
 }
From 61c72437cda772c86c122808e6efbd3161db95c6 Mon Sep 17 00:00:00 2001
From: "Lixia (Sylvia) Lei"
Date: Wed, 10 May 2023 16:39:56 +0800
Subject: [PATCH 3/3] fix typo
Signed-off-by: Lixia (Sylvia) Lei
---
 registry/remote/auth/client_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/registry/remote/auth/client_test.go b/registry/remote/auth/client_test.go
index 4fbe30e2..9e5ed69d 100644
--- a/registry/remote/auth/client_test.go
+++ b/registry/remote/auth/client_test.go
@@ -2025,7 +2025,7 @@ func TestStaticCredential(t *testing.T) {
 },
 },
 {
- name: "Mismatch credential for regular registry",
+ name: "Mismatched credential for regular registry",
 registry: "registry.example.com",
 target: "whatever.example.com",
 cred: Credential{
@@ -2035,7 +2035,7 @@ func TestStaticCredential(t *testing.T) {
 },
 want: EmptyCredential,
 },
 {
- name: "Mismatch credential for docker.io",
+ name: "Mismatched credential for docker.io",
 registry: "docker.io",
 target: "whatever.docker.io",
 cred: Credential{
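Review bot: Only the exact lower-case string `docker.io` is aliased, and both this check and `target == registry` compare byte-for-byte. A credential registered under any other spelling of the host (different case, or with a port appended) therefore never matches, and judging by the mismatch rows in PATCH 1/3 the lookup then returns `EmptyCredential` with a nil error. That fails closed, which is the safe direction for a secret, but it is silent. The doc comment could carry the contract, e.g. `// registry is matched exactly (case-sensitive, no port normalisation); only the literal "docker.io" is aliased.` The closure's final return is outside this hunk.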